Trump’s executive order isn’t enough to tackle cyber terror
© Photo illustration/Garrett Evans
If any reminder were needed of the very real dangers posed by cyber warfare, the recent massive global attack was it. It was unprecedented in its scope, reaching 150 countries and breaching national infrastructure and institutions. The United Kingdom’s National Health Service, Germany’s Deutsche Bahn rail network, Spain’s Telefonica communications provider and Russia’s Interior Ministry were among those infiltrated by the WannaCry ransomware.
Previous high-profile hacks had targeted specific institutions. Confidential documents at Sony were exposed in 2014, after the company backed a controversial movie and of course last year, the Democratic National Committee was targeted during the election campaign. But WannaCry reached far and wide, leaving the public unable to access key services and millions in fear of being hacked. As such, the hackers created the sense of panic and chaos that any conventional terrorist wishes for.
The WannaCry attack also exposed how poorly prepared governments are when it comes to cyber assaults. It is hardly as if the hackers used previously unknown methods of attack. On average, there were 4,000 ransomware attacks each day in 2016, according to the FBI. The phishing technique which the hackers are thought to have used to deploy WannaCry, accounted for 95 percent of all cyber attacks in 2016. And yet, the attackers were able to infiltrate important networks and cause an international security incident.
Clearly, governments have plenty of work to do. Just days before WannaCry struck across the world, President Trump signed a long-awaited Executive Order to improve the nation’s cybersecurity. It is certainly a good first step in the battle against digital assault. Essentially, it requires something of a federal audit. Government agencies will be assessed in order to accurately ascertain their current cyber capabilities and vulnerabilities. Once completed, this will form a crucial baseline, a starting point from which to build an effective cyber defense strategy. It will give Washington the ability to confidently prioritize key assets and to devote resources and technological tools accordingly.
The executive order is a promising initial measure. But it must not end there. The battle against cyber terror requires a holistic approach. There must be an understanding that in cyberspace, everything is connected. As such, no single network exists in isolation. And so a breach in one branch of government, one financial institution or one transport network automatically places others in danger. Therefore, genuine cyber security can never be a matter of a single piece of technology. Instead, it requires best practices to be developed across all key bodies and infrastructure. It requires procedures to be put in place across myriad agencies and industries in order to protect one another and the country as a whole.
However, the scourge of cyber terror transcends borders. Even the best protection at home cannot guarantee that breaches won’t cause damage from abroad. And because cyber enemies know no borders, nor should our efforts to defend against them. Hackers are an especially elusive enemy. Unlike conventional terrorists, they closely guard their anonymity, rather than publicize their cause. And so, international cooperation is required more than ever when it comes to digital warfare. Only a global alliance of like-minded cyber allies can help to successfully identify the cyber criminals and bring them to justice.
Washington pioneered the coalition against conventional terror. It took no small amount of energy and diplomatic capital to forge such an alliance. And it has subsequently required advanced military cooperation between Western armed forces in order to make progress. But even now, the war on terror is a long-term project which has still not fully met its objective.
Make no mistake. A similar effort will be required in order to defeat cyber terror. And WannaCry demonstrated unequivocally that the time has come to build a coalition against the enemies who plague cyberspace and threaten to disrupt daily life for us all. If Washington is serious about guaranteeing America’s cyber safety, then it will need help from friends abroad. Should the White House and the Pentagon fail to take the initiative, then they may very quickly find that President Trump’s executive order was simply not enough.
Col. (res) Gal Shmueli is the chief technology officer (CTO) of CyGov, a leading cyber security advisory. He previously served as Cyber CTO of the IDF and helped establish Israel’s National Cyber Agency.
The views expressed by contributors are their own and are not the views of The Hill.